name: Release App on: push: # Cannot filter on both branches (release) and tags - it's ORed tags: - '[0-9]+.[0-9]+.[0-9]+' - '[0-9]+.[0-9]+.[0-9]+.[0-9]+' - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+' - '[0-9]+.[0-9]+.[0-9]+-rc\.[0-9]+\.[0-9]+' env: # Our build metadata BUILD_USER: builder BUILD_HOST: github.syncthing.net jobs: release: name: Release Build and Publish runs-on: ubuntu-latest container: ghcr.io/syncthing/syncthing-android-builder steps: - uses: actions/checkout@v3 with: submodules: true fetch-depth: 0 - name: Ensure release branch run: | git config --system --add safe.directory '*' if ! git branch -a --contains $(git rev-parse HEAD) | grep release >/dev/null; then echo "Tag is not part of release branch - aborting..." exit 1 fi - name: build_release env: SYNCTHING_RELEASE_KEY_ALIAS: android SIGNING_PASSWORD: '${{ secrets.SIGNING_PASSWORD }}' SYNCTHING_RELEASE_STORE_FILE: '${{ runner.temp }}/signing-keystore.jks' SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE: '${{ runner.temp }}/google-play-secrets.json' shell: bash run: | set -eu -o pipefail echo '${{ secrets.SIGNING_KEYSTORE_JKS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_STORE_FILE" echo '${{ secrets.GOOGLE_PLAY_SECRETS_BASE64 }}' | base64 -d > "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE" java -version ./gradlew --no-daemon buildNative lint assembleRelease bundleRelease publishReleaseBundle rm "$SYNCTHING_RELEASE_STORE_FILE" "$SYNCTHING_RELEASE_PLAY_ACCOUNT_CONFIG_FILE" echo '${{ secrets.GNUPG_SIGNING_KEY_BASE64 }}' | base64 -d | gpg --import cd app/build/outputs/apk/release sha256sum app-release.apk | gpg --clearsign > sha256sum.txt.asc - uses: ncipollo/release-action@v1 with: artifacts: "app/build/outputs/apk/release/*.apk,app/build/outputs/apk/release/*.asc" artifactErrorsFailBuild: true bodyFile: "app/src/main/play/release-notes/en-GB/default.txt" prerelease: ${{ contains('-rc.', github.ref_name) }} draft: true